Gnu Binutils vulnerabilities

CVE-2018-18605 [MEDIUM] CWE-125 CVE-2018-18605: A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a d

CVE-2019-14250 [MEDIUM] CWE-190 CVE-2019-14250: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_mat An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.

CVE-2018-12641 [MEDIUM] CWE-400 CVE-2018-12641: An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2. An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This

CVE-2019-12972 [MEDIUM] CWE-125 CVE-2019-12972: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.

CVE-2016-4491 [MEDIUM] CVE-2016-4491: The d_print_comp function in cp-demangle The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once."

CVE-2025-8224 [MEDIUM] CWE-404 CVE-2025-8224: A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerabilit A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may

CVE-2018-20651 [MEDIUM] CWE-476 CVE-2018-20651: A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.

CVE-2018-20671 [MEDIUM] CWE-190 CVE-2018-20671: load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.

CVE-2016-4490 [MEDIUM] CVE-2016-4490: Integer overflow in cp-demangle Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.

CVE-2018-20673 [MEDIUM] CWE-190 CVE-2018-20673: The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

CVE-2020-35496 [MEDIUM] CWE-476 CVE-2020-35496: There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacke There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.

CVE-2025-69651 [MEDIUM] CWE-476 CVE-2025-69651: GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when p GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt

CVE-2025-3198 [MEDIUM] CWE-401 CVE-2025-3198: A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch

CVE-2018-18606 [MEDIUM] CWE-476 CVE-2018-18606: An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of ser

CVE-2018-18607 [MEDIUM] CWE-476 CVE-2018-18607: An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) libra An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service

CVE-2017-15023 [MEDIUM] CWE-476 CVE-2017-15023: read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as dist read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

CVE-2018-19932 [MEDIUM] CWE-190 CVE-2018-19932: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.

CVE-2018-18484 [MEDIUM] CWE-674 CVE-2018-18484: An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stac An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.

CVE-2019-9071 [MEDIUM] CWE-674 CVE-2019-9071: An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consump An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.

CVE-2016-4488 [MEDIUM] CVE-2016-4488: Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, re Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec."